phpGroupWare Multiple Vulnerabilities

Published: 2010-05-17 10:46:01
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

The vendor has released phpGroupWare to address this issue. Please see the references for more information.

phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database or to view files and execute local scripts in the context of the webserver process.

Affected Versions:
Versions of phpGroupWare prior to are vulnerable.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

SecurityFocus Bugtraq ID:


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.